summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cache.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15132: Fix some shadowed variable warningsVolker Lendecke1-22/+22
(This used to be commit 97d2c20b0b37ac07b6e37e9614ff41ab7e131c98)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-3/+3
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r14675: Protect against null sids and rids in the cached credentials functions.Günther Deschner1-2/+28
Guenther (This used to be commit e162253a32119a31dd652b00f942d4c1a16fab83)
2007-10-10r14674: Further cleanup for cached logins, only dump hashes with DEBUG_PASSWORD.Günther Deschner1-1/+5
Guenther (This used to be commit 24afdda2ae7626b8c0b378d158ede391924d1274)
2007-10-10r14393: Fix a couple of AIX warnings.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 8444c997bd3e18b1d04ebe85f06c8c6e34d7373f)
2007-10-10r14282: Change centry_string to only use talloc. ShouldJeremy Allison1-16/+12
quieten coverity bug #194 (which I think is a false positive). Jeremy. (This used to be commit 07d8b02d3dddf7322e096f3f0a7cc1c8fa709fa3)
2007-10-10r14076: When the backends trusted_domains call comes back with no trusts theGünther Deschner1-1/+9
NTSTATUS code will be NT_STATUS_NO_MORE_ENTRIES. In that case store NT_STATUS_OK in the centry so that the entry does not automatically deleted upon startup or invalidated upon next query. Guenther (This used to be commit 200d4566619c58951e22d9543420407b3baf878f)
2007-10-10r13984: Fix Coverity bug # 98Volker Lendecke1-1/+3
(This used to be commit 0a2aa3a48bd5fd7e5a9aa06068ddd621b19c1dbe)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-4/+2
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13409: No functional changes, just some DEBUG cleanup.Günther Deschner1-4/+2
Guenther (This used to be commit 286f6fc2339cf4ef232c16466b8dffdcddbe343f)
2007-10-10r13377: Fix from Volker: Make offline authentication work with NT4 as wellGünther Deschner1-0/+8
(handle no ACB_NORMAL flag and save name2sid as early as possible). Guenther (This used to be commit a04a5e40b774b7fe535e9cbbabddf94ee5578005)
2007-10-10r13371: Remove an unused functionVolker Lendecke1-8/+0
(This used to be commit dde8322b5c26b04222eefd3c1d450852f849079f)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-72/+786
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13309: If the sid in the winbind name2sid cache is not valid ↵Volker Lendecke1-1/+3
(NT_STATUS_NONE_MAPPED), we have S-0-0 as a SID in the cache. This leads to ugly level 0 messages from string_to_sid. Avoid them. Volker (This used to be commit d62da3e9875592af91469bf75ca32be77a40ea59)
2007-10-10r12788: Since we have agreed on the case of winbindd names, we can store aGünther Deschner1-2/+5
sid_to_name lookup result already after doing a sucessfull name_to_sid lookup. Guenther (This used to be commit 2456832a6d9ad2590dc02e147cc2c2e87d5a3a7a)
2007-10-10r12787: Revert last commit that removed our logic of memorizing negativeGünther Deschner1-3/+1
name_to_sid lookups in the cache. Guenther (This used to be commit 348d309688260d17d9cdbf11fc54ad30829ceae5)
2007-10-10r12742: Don't write null sid mappings into the winbindd_cache.tdb.Günther Deschner1-1/+3
Guenther (This used to be commit 1e0124efc54810125bbfae6dce536b2c4fff62c1)
2007-10-10r12341: add DEBUG statement.Günther Deschner1-1/+3
Guenther (This used to be commit d50098518d77f9559457f558df7d11d3f026833e)
2007-10-10r12193: Fix some typos.Günther Deschner1-1/+1
Guenther (This used to be commit 499224f02a8722eea0d4644ca81ca55da0e9a86b)
2007-10-10r11704: methods->alternate_name is not used anymore -- remove itVolker Lendecke1-13/+0
(This used to be commit 4a4f85f0ef8545b7062e9a49392d4488aa108036)
2007-10-10r11652: Reinstate the netsamlogon_cache in order to workGerald Carter1-0/+38
around failed query_user calls. This fixes logons to a member of a Samba domain as a user from a trusted AD domain. As per comments on samba-technical, I still need to add (a) cache the PAC info as werll as NTLM net_user_info_3 (b) expire the cache when the SMB session goes away Both Jeremy and Guenther have signed off on the idea. (This used to be commit 0c2bb5ba7b92d9210e7fa9f7b70aa67dfe9faaf4)
2007-10-10r11651: After talking to Jeremy, commit my winbindd "Do the Right Thing" patch.Gerald Carter1-24/+33
Still needs some more testing ni domains with multiple DCs. Coming next.... (This used to be commit aaed605206a8549cec575dab31e56bf6d32f26a6)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-1/+1
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-46/+40
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9588: remove netsamlogon_cache interface...everything seems to work fine. ↵Gerald Carter1-38/+0
Will deal with any fallout from special environments using a non-cache solution (This used to be commit e1de6f238f3981d81e49fb41919fdce4f07c8280)
2007-10-10r9330: Remove the classic dual daemon since it was not being used.Gerald Carter1-12/+3
It was already gone in trunk anyways. working on fixing BUG 3000 which does work now but we are flying without a cache. (This used to be commit 4936d6d8b28edc59a3d17defcdf255ea6e0ba4e0)
2007-10-10r9322: fixing debug log and ensuring that we set the right winbind_methodsGerald Carter1-3/+5
pointer in get_cache() by requiring that all domain structure be initialized with the set_dc_type_and_flags(). (This used to be commit c064609b942e88c70fe0a868e52c57ad1016850c)
2007-10-10r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner1-0/+8
POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-52/+208
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6755: removing domain_sid() since it is not referenced anymoreGerald Carter1-13/+0
(This used to be commit 8104149e6f490fa1a298e61becc8df01ddd92008)
2007-10-10r6401: Fix a debug messageVolker Lendecke1-1/+1
(This used to be commit fb561fe26cc61272e24965b81e276fa5420b146d)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-6/+6
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r4967: Not being in any domain local groups is obviously valid...Volker Lendecke1-1/+1
Volker (This used to be commit 78975ab9a996ac61be37410f18ddedb9df58d04b)
2007-10-10r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testingVolker Lendecke1-0/+86
shows that this info is correctly returned to us in to info3 struct, so check_info3_in_group does not need to be adapted. Volker (This used to be commit a84e778cafcefdc1809474c2123e757c8c9d9b70)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-14/+14
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r2822: Fix parameter confusion in priming of name-to-sid cache. Found byTim Potter1-1/+1
Qiao Yang. (This used to be commit 30ae13cb9fbe5f04e46bcbd5e0c19da9b33341d5)
2007-10-10r2351: Fix use of an uninitialized variable. valgrind is sooo useful.Volker Lendecke1-2/+2
Volker (This used to be commit 11f617eafd5512dab89bc363662f8e6953c359d4)
2007-10-10r2001: Fix bug 1622. Thanks to Qiao Yang for the patch and Sven Thomsen for ↵Volker Lendecke1-1/+3
testing it. Volker (This used to be commit 0a3413fbe378bc378aea7ffe9a6af8b65ce49f4a)
2007-10-10r991: Allow winbindd to use the domain trust account passwordGerald Carter1-0/+6
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
2007-10-10r535: Another memleak fix from kawasa_r@itg.hitachi.co.jpJeremy Allison1-0/+2
Jeremy. (This used to be commit 2d52562691d59b44546225454f6fff5b64552de8)
2007-10-10r294: checking in volker's winbindd patches; tested on domain members (Samba ↵Gerald Carter1-9/+16
and AD) as well as on a Samba DC (This used to be commit 157d53782d6a7d0b7e30676a674ff2a25a15369c)
2007-10-10r38: Fix caching of name->sid lookupsVolker Lendecke1-1/+2
Volker (This used to be commit 23c5769545dc8371a679ad4c679578c617f7d85b)
2004-03-30Apply some constVolker Lendecke1-3/+3
(This used to be commit 8037750df568e6b51b2b0cba9192468110470388)
2004-03-22BUG 1185: use 'winbind cache time' as the reconnect period when seq_num == ↵Gerald Carter1-0/+2
-1 rather than multiplying it by 8 (the default cache time is 5 minutes now) (This used to be commit 8d6e370313b62556ba13d88e1ab5ff468ac103c8)
2004-01-14* Revert to using rpc for mixed mode AD domains.Gerald Carter1-3/+9
The reason for this are: (a) the set_dc_type_and_flags() cannot tell the different between connecting to an NT4 domain and an NT4 BDC of a mixed mode domain. (b) the connection management for the rpc backend only provides on named pipe per cli_state. So it is possible to connect to an NT4 BDC for netlogon and an AD mixed mode DC for lsarpc. RPC is the lowest common demonimator here. (c) Issue with the sequence number value between the highestCommittedUSN LDAP attribute and the seq_num returned via RPC. We will revisit this later, but the changes need to make this work right now are too broad and risky. (This used to be commit 1ed2e521536108229d153c2996f4757d89461166)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-1/+3
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-08Move more of winbind to use 'find_our_domain()' rather than the dangerousAndrew Bartlett1-1/+1
find_domain_from_name(lp_workgroup()). (as find_domain_from_name() can change the data in lp_workgroup()) Andrew Bartlett (This used to be commit 2e6eaad9ce6a0ad6923b5952ef6cf1c3688b7cfa)
2004-01-05Add const.Andrew Bartlett1-3/+3
(This used to be commit aacb817e89d17349003159e1b7c28546babc8559)
2003-11-12a small include file rearrangement that doesn't affect normalAndrew Tridgell1-0/+1
compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available. (This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
2003-08-15get rid of more compiler warningsHerb Lewis1-4/+4
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)